CVE-2024-37337

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::
	cpe:2.3:a:microsoft:sql_server_2016:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*

History

23 Sep 2024, 17:00

Type	Values Removed	Values Added
First Time		Microsoft sql Server 2016 Microsoft sql Server 2019 Microsoft Microsoft sql Server 2022 Microsoft sql 2016 Azure Connect Feature Pack Microsoft sql Server 2017
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 - Patch, Vendor Advisory
CPE		cpe:2.3:a:microsoft:sql_server_2019:::::::x64:* cpe:2.3:a:microsoft:sql_server_2016:::::::x64:* cpe:2.3:a:microsoft:sql_server_2017:::::::x64:* cpe:2.3:a:microsoft:sql_server_2022:::::::x64:* cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::
CWE	~~CWE-197~~	NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 4.3

10 Sep 2024, 17:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 17:15

Updated : 2024-09-23 17:00

NVD link : CVE-2024-37337

Mitre link : CVE-2024-37337

JSON object : View

Products Affected

microsoft

sql_server_2017
sql_server_2016
sql_server_2022
sql_server_2019
sql_2016_azure_connect_feature_pack

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337", "name": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-37337", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2024-09-10T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "13.0.7037.1", "versionStartIncluding": "13.0.7000.253"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "13.0.6441.1", "versionStartIncluding": "13.0.6300.2"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.0.2060.1", "versionStartIncluding": "14.0.1000.169"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "14.0.3475.1", "versionStartIncluding": "14.0.3006.16"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0.2120.1", "versionStartIncluding": "15.0.2000.5"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0.4390.2", "versionStartIncluding": "15.0.4003.23"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.0.1125.1", "versionStartIncluding": "16.0.1000.6"}, {"cpe23Uri": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.0.4140.3", "versionStartIncluding": "16.0.4003.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-09-23T17:00Z"}